Commit graph

357 commits

Author SHA1 Message Date
4446a661b5 Provide SCIM2 client capabilities behing an experimental Feature Profile
Some checks are pending
Keycloak CI / Test PoC (push) Blocked by required conditions
Keycloak CI / Status Check - Keycloak CI (push) Blocked by required conditions
CodeQL / Check conditional workflows and jobs (push) Waiting to run
CodeQL / CodeQL Java (push) Blocked by required conditions
CodeQL / CodeQL JavaScript (push) Blocked by required conditions
CodeQL / CodeQL TypeScript (push) Blocked by required conditions
CodeQL / Status Check - CodeQL (push) Blocked by required conditions
Keycloak Documentation / Check conditional workflows and jobs (push) Waiting to run
Keycloak Documentation / Build (push) Blocked by required conditions
Keycloak Documentation / External links check (push) Blocked by required conditions
Keycloak Documentation / Status Check - Keycloak Documentation (push) Blocked by required conditions
Keycloak Guides / Status Check - Keycloak Guides (push) Blocked by required conditions
Keycloak Guides / Check conditional workflows and jobs (push) Waiting to run
Keycloak Guides / Build (push) Blocked by required conditions
Keycloak JavaScript CI / Admin UI (push) Blocked by required conditions
Keycloak JavaScript CI / Account UI E2E (push) Blocked by required conditions
Keycloak JavaScript CI / Generate Test Seed (push) Blocked by required conditions
Keycloak JavaScript CI / Admin UI E2E (push) Blocked by required conditions
Keycloak JavaScript CI / Status Check - Keycloak JavaScript CI (push) Blocked by required conditions
Keycloak Operator CI / Build distribution (push) Blocked by required conditions
Keycloak JavaScript CI / Check conditional workflows and jobs (push) Waiting to run
Keycloak JavaScript CI / Build Keycloak (push) Blocked by required conditions
Keycloak JavaScript CI / Admin Client (push) Blocked by required conditions
Keycloak JavaScript CI / UI Shared (push) Blocked by required conditions
Keycloak JavaScript CI / Account UI (push) Blocked by required conditions
Keycloak Operator CI / Check conditional workflows and jobs (push) Waiting to run
Keycloak Operator CI / Test local (push) Blocked by required conditions
Keycloak Operator CI / Test remote (push) Blocked by required conditions
Keycloak Operator CI / Test OLM installation (push) Blocked by required conditions
Keycloak Operator CI / Status Check - Keycloak Operator CI (push) Blocked by required conditions
Closes #1234

Signed-off-by: Alex Morel <amorel@codelutin.com>
2024-11-05 10:39:26 +01:00
Steven Hawkins
b2ccde29bb
fix: persist build time spi options (#34157)
closes: #33902

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-23 16:51:11 +02:00
Steven Hawkins
af1a5ea2a8
fix: refining https file type detection (#33703)
also making common trustore logic align

closes: #33649

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-10-22 13:05:56 -04:00
mposolda
b95d12a968 Add AuthzClientCryptoProvider to authz-client in keycloak main repository
closes #33831

Signed-off-by: mposolda <mposolda@gmail.com>
2024-10-15 08:16:14 +02:00
Jon Koops
3930356c21
Treat unencrypted local origins as an insecure context in Safari (#33700)
Closes #33557

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-09 23:38:03 +02:00
Jon Koops
aacdf80664
Add shim for Web Crypto API to admin and account console (#33480)
Closes #33330

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-10-03 10:51:23 +00:00
Erik Jan de Wit
e8d8de8936
Use feature versions for admin3, account3, and login2 (#33458)
Closes #33405

Signed-off-by: stianst <stianst@gmail.com>
2024-10-03 12:09:36 +02:00
Stefan Guilhen
9b7cf9d584 Ensure componentsByParentAndType in CachedRealm is returned as a concurrent multi-valued map
Closes #30235

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
2024-10-01 17:39:00 -03:00
Jon Koops
5e2f09f66d
Remove statically served Keycloak JS from the server (#33083)
Closes #32827

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-09-22 19:05:01 +02:00
rmartinc
c532751ff4 Downgrade Java for client libraries to 8
Closes #33051

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-09-20 17:01:01 +02:00
Vlasta Ramik
4ce40be1af
Make the ORGANIZATION a default feature (#32404)
Closes #32395

Signed-off-by: vramik <vramik@redhat.com>
2024-09-18 12:19:28 +02:00
Jan-Henrik Bruhn
da5fd31a5f Fix KeycloakUriBuilder for Uris without a host name
Signed-off-by: Jan-Henrik Bruhn <github@jhbruhn.de>
2024-09-18 08:42:06 +02:00
Martin Bartoš
7625e3b4ea
Improve error message when wrong KC profile is set (#32898)
Closes #30454

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
2024-09-16 09:37:20 +02:00
Pedro Ruivo
f67bec0417 Rename remote-cache Feature
Renamed to "clusterless"

Closes #32596

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-09-13 13:03:13 +02:00
Pedro Ruivo
24fce87a8e
Deprecate old remote store (feedback)
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-11 14:08:53 +00:00
Pedro Ruivo
3274591fe1
Deprecate old remote store
Closes #32577

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-09-04 10:25:51 +00:00
Martin Bartoš
afcbf79582 OTEL: Profile Feature
Closes #32231

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
2024-08-30 13:19:09 +02:00
Steven Hawkins
29eb0171de
task: remove hostname v1 (#32352)
closes: #27731

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-28 17:48:06 +02:00
Michal Hajas
f5b2775939 Enable persistent sessions by default
Run CI with the feature disabled to test also the old settings
Closes #32265

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-21 17:37:54 +02:00
Pedro Igor
8e0436715c Support for ALL and ANY organization scope values
Related #31438

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-08-19 08:45:23 -03:00
Steven Hawkins
ea3937f37c
fix: always replacing placeholders (#31871)
closes: #31625

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-08-12 16:20:47 +00:00
Justin Tay
966a454548
Add ECDH-ES JWE Algorithm Provider, Add generated ECDH key provider (#23928)
Closes #23596
Closes #23597

Signed-off-by: Justin Tay <49700559+justin-tay@users.noreply.github.com>
2024-08-08 17:29:35 +02:00
Michal Hajas
50c07c6e7c
Simplify configuration for MULTI_SITE
Closes #31807

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-08-06 16:14:33 +00:00
Tero Saarni
62fd969fe1
Allow requests from local IPv6 addresses
If administrator selects EXTERNAL for Require SSL setting, allow clear-text
HTTP requests when client is coming from IPv6 link-local or unique local
address (ULA).

Previously only private IPv4 addresses were allowed and private IPv6 addresses
were rejected.

Closes #30678

Signed-off-by: Tero Saarni <tero.saarni@est.tech>
2024-08-05 16:38:55 +02:00
Hynek Mlnarik
a7374f92be Update login theme to login v2
Fixes: #29009

Signed-off-by: Hynek Mlnarik <hmlnarik@redhat.com>
2024-07-18 14:33:22 +02:00
Steven Hawkins
96511e55c6
startup, welcome, and cli handling of bootstrap-admin user (#30054)
* fix: adding password and service account based bootstrap and recovery

closes: #29324, #30002, #30003

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

* Fix tests

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
Co-authored-by: Václav Muzikář <vmuzikar@redhat.com>
2024-07-03 15:23:40 +02:00
Thomas Darimont
f34bb21af6
Fix deprecations in common module
- Use charset in `Encode` class
- Replace reflective call to protected `Liquibase#resetServices()` with call to exposed public method on a custom subclass `KeycloakLiquibase`
- Remove usage of deprecated AccessController class in Reflections
- Deprecated SetAccessibleProvilegedAction and UnsetAccessibleProvilegedAction

Fixes #22209

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-07-02 16:02:35 +00:00
rmartinc
c20dbc5c32 Add availability for features and make kerberos use it
Closes #30730

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-06-26 14:33:38 +02:00
Douglas Palmer
5af3001122 Check if OSGI metadata can be removed entirely
Closes #29104

Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
2024-06-25 14:12:33 +02:00
Jon Koops
df18629ffe
Use a default Java version from root POM (#29927)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-21 14:19:31 +02:00
Pedro Ruivo
d2ae27a1e2 External Infinispan as cache - Part 1
Part 1 includes

* New experimental feature to enable the new code
* New providers using RemoteCache only
* New test profile to run the tests with the experimental feature

New providers' implementation for:
* InfinispanConnectionProvider
* AuthenticationSessionProvider
* ClusterProvider

Closes #28140

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
2024-06-19 14:47:57 +02:00
Jon Koops
c7361ccf6e
Run the Vite dev server through the Keycloak server (#27311)
Closes #19750
Closes #28643
Closes #30115

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-06-12 11:55:14 +02:00
Steven Hawkins
5059a02eb2
fix: minor refinements to collection utils (#29536)
closes: #29535

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-06-06 10:07:34 -04:00
vramik
2b97859bca Move Organization feature from EXPERIMENTAL to PREVIEW
Closes#30137

Signed-off-by: vramik <vramik@redhat.com>
2024-06-04 09:57:03 -03:00
Jon Koops
a3b2dd0735
Remove deprecated ServerCookie class (#29916)
Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-05-28 14:14:05 +00:00
Patrick Jennings
84acc953dd
Client type OIDC base read only defaults (#29706)
closes #29742
closes #29422

Signed-off-by: Patrick Jennings <pajennin@redhat.com>
2024-05-22 09:07:19 +02:00
Dimitri Papadopoulos Orfanos
64a145e960
Fix user-facing typos in error messages (#29326)
Update resource file and tests accordingly

Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
2024-05-16 09:55:41 +02:00
Takashi Norimatsu
b4e7d9b1aa
Passkeys: Supporting WebAuthn Conditional UI (#24305)
closes #24264

Signed-off-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Signed-off-by: mposolda <mposolda@gmail.com>


Co-authored-by: mposolda <mposolda@gmail.com>
2024-05-16 07:58:43 +02:00
Alexander Schwartz
6fbe207d64
Create documentation for persistent user sessions
Closes #29218

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-05-13 11:02:45 +02:00
Dimitri Papadopoulos Orfanos
cd8e0fd333
Fix user-facing typos in Javadoc (#28971)
Signed-off-by: Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-05-06 18:57:55 +00:00
Pedro Ruivo
fe5bed6191
Retry fetching event from remote cache
Closes #28303

Signed-off-by: Pedro Ruivo <pruivo@redhat.com>
Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
2024-05-06 17:27:07 +02:00
Michal Hajas
128bba34d3 Remove PERSISTENT_USER_SESSIONS_No_CACHE feature
Closes #29264

Signed-off-by: Michal Hajas <mhajas@redhat.com>
2024-05-06 08:53:39 +02:00
Steven Hawkins
4697cc956b
further refinement of context handling (#28182)
* fully removing providers and moving the keycloaksession creation / final
cleanup

also deprecated Resteasy utility methods

closes: #29223

Signed-off-by: Steve Hawkins <shawkins@redhat.com>

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-05-02 11:21:01 -04:00
Ricardo Martin
fc6b6f0d94
Perform exact string match if redirect URI contains userinfo, encoded slashes or parent access (#131) (#28872)
Closes keycloak/keycloak-private#113
Closes keycloak/keycloak-private#134

Signed-off-by: rmartinc <rmartinc@redhat.com>
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2024-04-18 16:02:24 +02:00
rmartinc
ddacfbdefd Remove deprecated LinkedIn social provider
Closes #23127

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-04-18 10:10:58 +02:00
Václav Muzikář
e4987f10f5
Hostname SPI v2 (#26345)
* Hostname SPI v2

Closes: #26084

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Fix HostnameV2DistTest#testServerFailsToStartWithoutHostnameSpecified

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Address review comment

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Partially revert the previous fix

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Do not polish values

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

* Remove filtering of denied categories

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>

---------

Signed-off-by: Václav Muzikář <vmuzikar@redhat.com>
2024-04-09 11:25:19 +02:00
Alexander Schwartz
c580c88c93
Persist online sessions to the database (#27977)
Adding two feature toggles for new code paths to store online sessions in the existing offline sessions table. Separate the code which is due to be changed in the next iteration in new classes/providers which used instead of the old one.

Closes #27976

Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
Signed-off-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2024-03-28 09:17:07 +01:00
Jon Koops
3382e16954
Remove Account Console version 2 (#27510)
Closes #19664

Signed-off-by: Jon Koops <jonkoops@gmail.com>
2024-03-27 10:53:28 +01:00
Steven Hawkins
be32f8b1bf
fix: limit the use of Resteasy to the KeycloakSession (#28150)
* fix: limit the use of Resteasy to the KeycloakSession

contextualizes other state to the KeycloakSession

close: #28152
2024-03-26 13:43:41 -04:00
Steven Hawkins
7eab019748
task: deprecate WILDCARD and STRICT options (#26833)
closes: #24893

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
2024-03-21 16:22:41 +01:00